Hi #Aadhaar! Can we talk about the #BenefitsOfAadhaar for the #India population?
I quickly checked your #android app on the #playstore and you have some security issues... It's super easy to get the password of the local database, for example...
http://play.google.com/store/apps/details?id=in.gov.uidai.mAadhaarPlus

Storing data in a local database is a common practice in the #Android world. In the #Aadhaar #android app they store:
- user password data (hash)
- notification
- Ki value
- EKYC Profile Data
- Biometric Prefs
- Bio Lock Timeout
- App Configuration
pic.twitter.com/cCfaAKFVkB

According to the official documentation, https://aadhaarapi.com/aadhaar-response-format/, EKYC Profile Data contains the following data:
- User_Id
- Aadhar_Id
- Name
- Dob
- Gender
- Address
- Photo
- ...
pic.twitter.com/x1TI9uXXTM

So @UIDAI you are storing biometric data on the local database: the photo of the user.

The sad part is that it really isn't hard to figure all of that out. Why did they think appending a few /random/ numbers to a hardcoded string (assuming it's dynamic) and base64 was suitable? Have they not heard of brute force?

Obviously base_64 will produce the same encoding of the same string. They don't even use bcrypt?
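To make the two complaints above concrete (a database key built from a hardcoded string plus a few digits, and base64 used where a salted password hash belongs), here is an added example that is not code from the app or from anyone in this thread. The prefix string, the digit count and the sample password are constructed for the example; the only thing taken from the thread is the shape of the scheme. It measures how little an attacker who has the APK must guess under that scheme, contrasts it with a key drawn from the OS random generator, and shows that a salted KDF (scrypt from the Python standard library, standing in for the bcrypt mentioned above) gives different hashes for the same password, unlike base64, which is deterministic and reversible.

```python
import base64
import hashlib
import hmac
import math
import os

# Constructed stand-in for the scheme described in the thread: a hardcoded
# string with a few decimal digits appended, then base64-encoded.
# The prefix and digit count are invented for this example, not taken from the app.
HARDCODED_PREFIX = "example-app-secret"
RANDOM_DIGITS = 4  # "a few random numbers"


def weak_db_key(suffix: int) -> str:
    """Model of the weak derivation: base64(prefix + digits)."""
    raw = f"{HARDCODED_PREFIX}{suffix:0{RANDOM_DIGITS}d}".encode()
    return base64.b64encode(raw).decode()


def base64_is_reversible(encoded: str) -> str:
    """base64 is an encoding, not encryption: anyone can undo it."""
    return base64.b64decode(encoded).decode()


def weak_keyspace_bits() -> float:
    """Entropy left once the prefix is known from the APK.

    Only the appended digits are unknown, so there are 10**RANDOM_DIGITS
    candidate keys; base64 adds nothing because it is reversible."""
    return math.log2(10 ** RANDOM_DIGITS)


def random_db_key_bits(key: bytes) -> int:
    """A key drawn from the OS CSPRNG has entropy equal to its length in bits.
    On Android such a key would be generated and kept in the Keystore rather
    than derived from anything present in the APK."""
    return 8 * len(key)


def hash_password(password: str, salt: bytes = b"") -> tuple:
    """Salted, memory-hard password hash (scrypt stands in for bcrypt).
    Same password + different salt -> different digest."""
    if not salt:
        salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt,
                            n=2 ** 14, r=8, p=1, dklen=32)
    return salt, digest


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Constant-time comparison of a recomputed digest against the stored one."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)


if __name__ == "__main__":
    key = weak_db_key(42)
    print("weak key:", key, "-> decodes to:", base64_is_reversible(key))
    print(f"unknown bits in weak scheme: {weak_keyspace_bits():.1f}")
    print("bits in a random 32-byte key:", random_db_key_bits(os.urandom(32)))

    pw = "constructed-sample-password"
    s1, d1 = hash_password(pw)
    s2, d2 = hash_password(pw)
    print("same password, different salted digests:", d1 != d2)
    print("verify with stored salt:", verify_password(pw, s1, d1))
    print("base64 of the same password is always identical:",
          base64.b64encode(pw.encode()) == base64.b64encode(pw.encode()))
```

The two numbers printed side by side are the point: roughly 13 unknown bits in the modelled scheme versus 256 in a random key, and the difference is not closed by base64 or by making the digits "random" at install time, because whatever is derived from a string in the APK is available to anyone who has the APK. For the stored password hash, the salt is what makes two users with the same password look different at rest, and the KDF cost is what makes each guess expensive.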
@UIDAI what do you guys say about it? Is someone taking it seriously?